Leon Schmidt 

Cybersecurity guy having an affair with software engineering. Take a look at my blog: https://leon-schmidt.dev/blog
Website: https://leon-schmidt.dev
Matrix: https://matrix.to/#/@leon:matrix.leon.wtf
Forgejo: https://code.leon.wtf/leon
Keybase: https://keybase.io/leonschmidt
At #ITDefense @leon introduces the toolkit “Allpacka” which he and his colleagues use in red team engagements.

#Rapid7 published some analysis of #malware likely dropped through the Notepad++ issue.
One of the loaders used by the malware is built with #Microsoft Warbird, a kernel-level code protection framework used by Windows. @cirosec blogged about how this framework could be abused a while back and also published a PoC on GitHub.
I'm one of the authors of that research. We included some thoughts on detection in the article, but if there are any further questions about the technique or anything, ask away :)

#notepad #chrysalis #ioc #apt #warbird

The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit

Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom.

Rapid7

IT-Defense 2026 is just around the corner and we’re really looking forward to our 23rd conference!

In the upcoming days, we will introduce this year’s speakers.

#itdefense2026

We #DIDit! Yesterday we helped with various steps toward digital independence! It continues on 1 February!

Ahh shit, here we go again #39c3

Sorry DB but we couldn't resist 🥵

Find out which stations, train lines and times are more delayed at https://chuuchuu.com/2025wrapped

Ever wondered how Beacon Object Files (BOFs) work under the hood?

In part three of our blog series, you can read how we built our own BOF loader and integrated it with Mythic's Forge.

You can find it at: https://cirosec.de/en/news/beacon-object-files-for-mythic-part-3/

Ever wondered how Beacon Object Files (BOFs) work under the hood?

In the second part of our blog series you can find out more about real-world BOF implementations and their power.

Check it out here: https://cirosec.de/en/news/beacon-object-files-for-mythic-part-2/

Ever wondered how Beacon Object Files (BOFs) work under the hood?

In our 3-part blog series, we break down:

✅ What BOFs are and why they matter (Part 1)
✅ Real-world BOF implementations and their power (Part 2)
✅ How we built our own BOF loader and integrated it with Mythic's Forge (Part 3)

Read the first part of our series now at https://cirosec.de/beacon-object-files-1/

@oha Hmm maybe? The last post I can see is from three days ago :(